Network Address Translation in the Global System for Mobile Communications

Field of the Invention 

This invention relates to mobile communication systems and in particular to 
a system for providing multiple IP addresses to a port in a Global System for 
Mobile Communications network. 

Problem 

It is a problem in the field of mobile communications systems to isolate 
internal IP traffic from external IP traffic in the Inter-Working Function (IWF) of a 
Global System for Mobile Communications network. In particular, the
Inter-Working Function is used to process both customer-based Internet traffic and
Operations, Administration, Maintenance & Provisioning functions. The 
Operations, Administration, Maintenance & Provisioning functions should not be 
accessible via a public Internet address while the customer-based Internet 
presence is accessible via a public Internet address. Existing solutions require the 
use of both hardware and software in order to provision the Operations, 
Administration, Maintenance & Provisioning functions. However, each of the
existing solutions entails additional cost and complexity to provide the traffic
isolation. 

Solution 

The above-described problems are solved and a technical advance
achieved by the present network address translation system in a Global System for
Mobile Communications network which isolates internal IP traffic from external IP
traffic in the Inter-Working Function (IWF) of a Global System for Mobile
Communications network by assigning dual IP addresses for the Inter-Working
Function Protocol Engine.

The Inter-Working Function Protocol Engine includes one or more Ethernet
Ports, each of which is assigned a private IP address, to connect to the Ethernet
Switch as well as a public IP address of the customer's network, used to connect
to L2TP Network Server. The customer data received from the Mobile Subscriber
Station is passed from the GSM Mobile Switching Controller to the Inter-Working
Function Protocol Engine, where it is switched through one or more Ethernet Ports
to Ethernet Switch and then to the L2TP Network Server for transmission to the
Internet.

Internal IP traffic is transmitted through the Ethernet Switch among the 
Inter-Working Function Management System, used for Operations, Administration,
Maintenance & Provisioning functions, modem pool, and the Inter-Working 
Function Protocol Engine, using the private IP address assigned to one or more 
Ethernet Ports of Inter-Working Function Protocol Engine. 

Brief Description of the Drawings

Figure 1 illustrates in block diagram form the overall architecture of the 
present network address translation system that isolates internal IP traffic from 
external IP traffic in the Inter-Working Function (IWF) of a Global System for 
Mobile Communications network and an environment in which it is operational; 

Figure 2 illustrates in block diagram form the architecture of an existing
wireless network that serves to interconnect customer premise equipment with
selected destinations; and

Figures 3-5 illustrate in block diagram form the architecture of existing
wireless network configurations that isolate internal IP traffic from external IP traffic
in the Inter-Working Function (IWF) of a Global System for Mobile
Communications network.

Detailed Description of the Drawings

It is a problem in the field of mobile communications systems to isolate
internal IP traffic from external IP traffic in the Inter-Working Function (IWF) of a
Global System for Mobile Communications network.

Existing Internet Access Systems

Figure 2 illustrates in block diagram form the architecture of an existing
wireless network that serves to interconnect customer premise equipment with the
Internet. Cellular communication networks 106, as shown in block diagram form in
Figure 2, provide the service of connecting wireless telecommunication
customers, each having a mobile subscriber station, to both land-based customers
105 who are served by the Public Switched Telephone Network (PSTN) 108 as
well as other wireless telecommunication customers 102. In such a network, all
incoming and outgoing calls are routed through Mobile Switching Centers (MSC)
103, each of which is connected to a plurality of Base Station Subsystems (BSS)
151 which communicate with mobile subscriber stations 101 located in the area
covered by the cell sites. The mobile subscriber stations 101 are served by the
Base Station Subsystems (BSS) 151, each of which is located in one cell area of a
larger service region. Each cell site in the service region is connected by a group
of communication links to the Mobile Switching Center 103. Each cell site contains
a group of radio transmitters and receivers, termed a Base Station (BS) 153
herein, with each transmitter-receiver pair being connected to one communication
link. Each transmitter-receiver pair operates on a pair of radio frequencies to
create a communication channel: one frequency to transmit radio signals to the
mobile subscriber station and the other frequency to receive radio signals from the
mobile subscriber station. The Mobile Switching Center 103, in conjunction with
the Home Location Register (HLR) and the Visitor Location Register (VLR) of the
Mobile Switching Center 103, manages subscriber registration, subscriber
authentication, and the provision of wireless services such as voice mail, call
forwarding, roaming validation and so on. The Mobile Switching Center 103 is
connected to an Interworking Function 104 which serves to interconnect the Mobile
Switching Center 103 with the Public Switched Telephone Network (PSTN) 108.
In addition, the Interworking Function 104 is connected to a Remote Access Server
128 which provides access to the Internet.

The voice communications between mobile subscriber station 101 and other
subscriber stations, such as land line based subscriber station 105, is effected by
routing the communications received from the mobile subscriber station 101
through the Mobile Switching Center 103 and trunks to the Public Switched
Telephone Network (PSTN) 108 where the communications are routed to a Local
Exchange Carrier (not shown) that serves land line based subscriber station 105.
There are numerous Mobile Switching Centers 103 that are connected to the
Public Switched Telephone Network (PSTN) 108 to thereby enable subscribers at
both land line based subscriber stations and mobile subscriber stations to
communicate between selected stations thereof. Data communications between
mobile subscriber station 101 and other data communication systems, such as
server 120 or corporate network 122, is effected by routing the data
communications received from the mobile subscriber station 101 through Mobile
Switching Center 103, Interworking Function 104 and Remote Access Server 128
via an ISUP/ISDN Primary Rate connection. The corporate network 122 typically
comprises a corporate gateway server 123, which connects data communications
received from the Internet 107 to various servers 121 and terminal devices 109 via
an internal Local Area Network 125. This architecture represents the present
architecture of the wireless and wire-line communication networks.

In this network architecture, the data communications from mobile
subscriber station 101 to the Internet (through an Internet Service Provider) or a
corporate network 122 must be switched through the Remote Access Server 128
to the Internet 107. The dial-up access to the corporate gateway 122 through
Remote Access Server 128 can be a long distance call to the corporate office. To
achieve reasonable data rates, the wire-line connection from the Remote Access
Server 128 to the Internet 107 must be a high data rate line with its associated
costs, such as an ISUP/ISDN Primary Rate connection.

Existing Network Address Translation Systems

Figures 3-5 illustrate in block diagram form the architecture of existing 
wireless network configurations that isolate internal IP traffic from external IP traffic 
in the Inter-Working Function (IWF) of a Global System for Mobile 
Communications network. In particular, the Inter-Working Function is used to 
process both customer-based Internet traffic and Operations, Administration, 
Maintenance & Provisioning functions. The Operations, Administration, 
Maintenance & Provisioning functions should not be accessible via a public 
Internet address while the customer-based Internet presence is accessible via a 
public Internet address. Existing systems use both hardware and software to 
separate the two types of IP traffic within the Inter-Working Function (IWF) of a
Global System for Mobile Communications network. 

Figure 3 illustrates the use of a Network Address Translation system 302,
connected to the Inter-Working Function (IWF) 301 of a Global System for Mobile
Communications network, to isolate internal IP traffic from external IP traffic in the
Inter-Working Function (IWF) 301 of a Global System for Mobile Communications
network. The Inter-Working Function (IWF) 301 includes an Ethernet Switch 314
that interconnects the Inter-Working Function Management System 311, used for
Operations, Administration, Maintenance & Provisioning functions, with the
Inter-Working Function Protocol Engine 312 and a modem pool 313. The Inter-Working
Function Protocol Engine 312 is also connected by Network Address Translation
system 302 to the Internet 107 in well-known fashion via an L2TP Network Server
303. The Network Address Translation system 302 includes one or more Ethernet
Ports 321, each of which is assigned a private IP address, to connect to the
Ethernet Switch 314. In addition, one or more Ethernet Ports 322, each of which is
assigned a public IP address of the customer's network, is used to connect to L2TP
Network Server 303. Thus, customer data, as shown by the heavy solid line on
Figure 3, received from the Mobile Subscriber Station 101 is passed from the GSM
Mobile Switching Controller 106D to the Inter-Working Function Protocol Engine
312, where it is switched through Ethernet Switch 314 to one or more Ethernet
Ports 321 of the Network Address Translation system 302 to the L2TP Network
Server 303 for transmission to the Internet 107.

Internal IP traffic, shown by the dotted line in Figure 3, is transmitted
through the Ethernet Switch 314 among the Inter-Working Function Management
System 311, used for Operations, Administration, Maintenance & Provisioning
functions, with the Inter-Working Function Protocol Engine 312 and a modem pool
313. Thus, the system of Figure 3 requires the use of a Network Address
Translation system 302 to present an Ethernet Port 322 having the IP address of
the customer's network to the Internet 107 via an L2TP Network Server 303. This
public IP address is translated by the Network Address Translation system 302 and
the data transferred through the Ethernet Switch 314 to the Mobile Subscriber
Station 101. Thus, the internal IP addresses active on the Ethernet Switch 314 are
hidden from outside public access, since they reside behind the protection afforded
by the Network Address Translation system 302.

A similar system is shown in Figure 4, where the Inter-Working Function
(IWF) 301 includes an Ethernet Switch 314 that interconnects the Inter-Working
Function Management System 311, used for Operations, Administration,
Maintenance & Provisioning functions, with the Inter-Working Function Protocol
Engine 312 and a modem pool 313. The Inter-Working Function Protocol Engine
312 is also connected to the Internet 107 in well-known fashion via an L2TP
Network Server 303. The Inter-Working Function Protocol Engine 312 includes
one or more Ethernet Ports 321, each of which is assigned a public IP address of
the customer's network, to connect to the L2TP Network Server 303. In addition,
the Inter-Working Function Protocol Engine 312 includes one or more Ethernet
Ports 322, each of which is assigned a private IP address to connect to the
Ethernet Switch 314. Thus, customer data, as shown by the heavy solid line on
Figure 4, received from the Mobile Subscriber Station 101 is passed from the GSM
Mobile Switching Controller 106D to the Inter-Working Function Protocol Engine
312, where it is switched through one or more Ethernet Ports 321 to the L2TP
Network Server 303 for transmission to the Internet 107.

Internal IP traffic, shown by the dotted line in Figure 4, is transmitted
through the Ethernet Switch 314 among the Inter-Working Function Management
System 311, used for Operations, Administration, Maintenance & Provisioning
functions, with the Inter-Working Function Protocol Engine 312 and a modem pool
313. Thus, the system of Figure 4 requires the use of one or more Ethernet Ports
321 to present an Ethernet Port having the IP address of the customer's network to
the Internet 107 via an L2TP Network Server 303 in addition to the Ethernet Ports
322 to connect to the Ethernet Switch 314 for internal IP traffic. The public IP
address is translated by the presence of one or more Ethernet Ports 321 to
present an Ethernet Port having the IP address of the customer's network and the
data transferred through the Inter-Working Function Protocol Engine 312 to the
Mobile Subscriber Station 101. Thus, the internal IP addresses active on the
Ethernet Switch 314 are hidden from outside public access, since they reside
behind the protection afforded by the use of the multiple Ethernet Ports in the
Inter-Working Function Protocol Engine 312.

A similar system is shown in Figure 5, where the Inter-Working Function
(IWF) 301 includes an Ethernet Switch 314 that interconnects the Inter-Working
Function Management System 311, used for Operations, Administration,
Maintenance & Provisioning functions, with the Inter-Working Function Protocol
Engine 312 and a modem pool 313. The Ethernet Switch 314 is also connected to
the Internet 107 in well-known fashion via an L2TP Network Server 303. The
Inter-Working Function Protocol Engine 312 includes one or more Ethernet Ports 321,
each of which is assigned a public IP address of the customer's network, to
connect to the L2TP Network Server 303 via the Ethernet Switch 314. In addition,
the Inter-Working Function Management System 311 includes one or more
Ethernet Ports 321, each of which is assigned a public IP address of the
customer's network to connect to the Ethernet Switch 314. Thus, customer data,
as shown by the heavy solid line on Figure 5, received from the Mobile Subscriber
Station 101 is passed from the GSM Mobile Switching Controller 106D to the
Inter-Working Function Protocol Engine 312, where it is switched through one or more
Ethernet Ports 321 and the Ethernet Switch 314 to the L2TP Network Server 303
for transmission to the Internet 107.

Internal IP traffic, shown by the dotted line in Figure 5, is transmitted
through the Ethernet Switch 314 among the Inter-Working Function Management
System 311, used for Operations, Administration, Maintenance & Provisioning
functions, with the Inter-Working Function Protocol Engine 312 and a modem pool
313. Thus, the system of Figure 5 requires the use of one or more Ethernet Ports
321 to present an Ethernet Port having the IP address of the customer's network to
the Internet 107 via an L2TP Network Server 303 in addition to the Ethernet Ports
322 having the IP address of the customer's network to connect to the Ethernet
Switch 314 for internal IP traffic. The use of public IP addresses for both Ethernet
Ports 321 and 322 opens these ports to outside public access, since they do not
reside behind any form of protection. In addition, this system uses customer IP
addresses to serve internal IP needs.

Thus, all of the above-noted present system configurations suffer from one 
or more disadvantages, either the use of additional hardware or a simple 
inexpensive system with the loss of protection afforded by the use of the additional 
hardware. 

Network Address Translation 

Figure 1 illustrates in block diagram form the overall architecture of the 
present network address translation system that isolates internal IP traffic from 
external IP traffic in the Inter-Working Function (IWF) of a Global System for 
Mobile Communications network and an environment in which it is operational. In 
particular, the Inter-Working Function (IWF) 100 includes an Ethernet Switch 114 
that interconnects the Inter-Working Function Management System 111, used for 
Operations, Administration, Maintenance & Provisioning functions, with the
Inter-Working Function Protocol Engine 112 and a modem pool 113.

The Inter-Working Function Protocol Engine 112 includes one or more
Ethernet Ports 116, each of which is assigned a private IP address, to connect to
the Ethernet Switch 114 as well as a public IP address of the customer's network,
used to connect to L2TP Network Server 115. Thus, customer data, as shown by
the heavy solid line on Figure 1, received from the Mobile Subscriber Station 101
is passed from the GSM Mobile Switching Controller 106D to the Inter-Working
Function Protocol Engine 112, where it is switched through one or more Ethernet
Ports 116 to Ethernet Switch 114 and then to the L2TP Network Server 115 for
transmission to the Internet 107.

Internal IP traffic, shown by the dotted line in Figure 1, is transmitted
through the Ethernet Switch 114 among the Inter-Working Function Management
System 111, used for Operations, Administration, Maintenance & Provisioning
functions, modem pool 113, and the Inter-Working Function Protocol Engine 112,
using the private IP address assigned to one or more Ethernet Ports 116 of
Inter-Working Function Protocol Engine 112.

Thus, the system of Figure 1 provides dual IP addresses for the Ethernet
Port 116, one having the IP address of the customer's network and one being the
internal IP address active on the Ethernet Switch 114.
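
The dual-address arrangement of Figure 1 can be checked from the listener side.
The following is an added example, not part of the original specification: it
audits which services on a port carrying both addresses would answer on the
public one. All addresses, service names and the listener table are constructed
assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the dual-address Ethernet Port 116 (assumptions).
PRIVATE_NET = ipaddress.ip_network("10.20.0.0/24")   # Ethernet Switch 114 side
PORT_PRIVATE = ipaddress.ip_address("10.20.0.12")    # internal / OAM&P address
PORT_PUBLIC = ipaddress.ip_address("203.0.113.12")   # customer-network address


@dataclass(frozen=True)
class Listener:
    service: str   # hypothetical service name
    bind: str      # address the service is bound to
    port: int
    role: str      # "oamp" or "customer"


def classify(dst: str) -> str:
    """Label a packet arriving on the port by the address it targets."""
    addr = ipaddress.ip_address(dst)
    if addr == PORT_PUBLIC:
        return "external"
    if addr == PORT_PRIVATE:
        return "internal"
    return "not-for-this-port"


def reachable_on_public(listener: Listener) -> bool:
    """A wildcard bind answers on every address of the port, public included."""
    bind = ipaddress.ip_address(listener.bind)
    return bind.is_unspecified or bind == PORT_PUBLIC


def audit(listeners):
    """Return (service, problem) pairs where OAM&P is not confined to the private side."""
    findings = []
    for lst in listeners:
        if lst.role != "oamp":
            continue
        if reachable_on_public(lst):
            findings.append((lst.service, "OAM&P reachable via public address"))
        elif ipaddress.ip_address(lst.bind) not in PRIVATE_NET:
            findings.append((lst.service, "OAM&P bound outside private network"))
    return findings


# Constructed listener table for the protocol engine.
SAMPLE = [
    Listener("snmp-agent", "10.20.0.12", 161, "oamp"),
    Listener("provisioning-api", "0.0.0.0", 8443, "oamp"),
    Listener("l2tp", "203.0.113.12", 1701, "customer"),
    Listener("telnet-mgmt", "203.0.113.12", 23, "oamp"),
]

if __name__ == "__main__":
    for service, problem in audit(SAMPLE):
        print(f"{service}: {problem}")
```
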

Summary

The present network address translation system isolates internal IP traffic
from external IP traffic in the Inter-Working Function (IWF) of a Global System for
Mobile Communications network by assigning dual IP addresses for the
Inter-Working Function Protocol Engine.